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Do cument 2 

U.S. Department of Euergy 
Electricity Delivery and 
Energy Reliability 
Form OE-417 


ELECTRIC EMERGENCY INCIDENT AND 
DISTURBANCE REPORT 


OMB No. 1901^0288 
Approval Empires: 05/31/2021 
Bunlen Pei? Response; 1.8 hours 


NOTICE: This report is mandatory under Public law 93-275. Failure to comply may result in criminal fines, civil penalties and other sanctions as provided by 
law. For the sanctions and the provisions concerning the confidentiality of information submitted on this fonn, see General Information portion of the instructions. 
Title 13 USC1001 makes it a criminal offense for any person knowingly and willingly to make to any Agency or Department of the United States any false, 
fictitious, or frandnlent statements as to any matter within its jurisdiction, ____ 


RESPONSE DUE: 

Within 1 hour of the incident, submit Schedule 1 and lines M - Q in Schedule 2 as an Emergency Alert report if criteria 1-8 are met. 

Within 6 hours of the incident submit Schedule 1 and lines M - Q in Schedule 2 as a Normal Report if only criteria 9-12 are met. 

By the later of 24 hours after the recognition of the incident OR by the end of the next business day submit Schedule 1 & lines M - Q in Schedule 2 as a System 
Report if criteria 13-24 are met. Note 4 00pm local lime will be considered the end of the business day 

Submit updates as needed and/or a final report (all of Schedules 1 and 2) within 72 hours of the incident 

For NERC reporting entities registered in die United States; NERC has approved that the form OE-417 meets the submittal requirements for NERC. There may 
be other applicable regional, state and local reporting requirements. 


METHODS OF FILING RESPONSE 
(Retain a completed copy of this form for your files.) 

Online: Submit form via online submission at: httns.V/www.oe.netl.doe.gov/OF.417/ 

FAX: FAX Fonn OE-417 to the following facsimile number: (202) 586-8485. 

Alternate: If you are unable to submit ooline or by fax, forms may be e-mailed to doehQeoc@lia.doe. gov , or call and report the information to the 

following telephone number (202) 586-8100. 


SCHEDULE 1 - ALERT CRITERIA 

_ (Page 1 of 4) _ 


Criteria for Filine (Check all that apply) 
See Instructions For More Information 


EMERGENCY ALERT 
File within 1-Hour 

If any box 1-8 on the right is 
checked, this form must be 
filed within 1 hour of the 
incident; check Emergency 
Alert (for the Alert Status) ou 
Line A below. 


1. [ ] Physical attack that causes major interruptions or impacts to critical infrastructure facilities or to operations 

2. [X ] Cyber event that causes interruptions of electrical system operations 

3. [ ] Complete operational failure or shut-down of the transmission and/or distribution electrical system 

4. [ ] Electrical System Separation (Islanding) where part or parts of a power grid remain(s) operational in an otherwise 

blacked out area or within the partial failure of an integrated electrical system 

5. [ ] Uncontrolled loss of 300 Megawatts or more of firm system loads for 15 minutes or more from a single 

incident 

6. [ J Firm load shedding of 100 Megawatts or more implemented under emergency operational policy 

7. [ ] System-wide voltage reductions of 3 percent or more 

8. [ ] Public appeal to reduce the use of electricity for purposes of maintaining the continuity of the Bulk Electric System 


NORMAL REPORT 
File within 6-Hours 

If any box 9-12 on the right is 
checked AND none of the 
boxes 1-8 are checked, this 
form must be filed within 6 
hours of the incident; check 
Normal Report (for the Alert 
Status) on Line A below. 


9. [ J Physical attack that could potentially impact electric power system adequacy or reliability, or vandalism which 
targets components of any security systems 

10. [X ] Cyber event that could potentially impact electric power system adequacy or reliability 

11. [ ] Loss of electric service to more than 50,000 customers for 1 hour or more 

12. [ ] Fuel supply emergencies that could impact electric power system adequacy or reliability 













SYSTEM REPORT 
File within 1-Business Day 
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SCHEDULE 1 - ALERT CRITERIA - CONTINUED 

(Page 2 of 4) 


13. [ ] Damage or destruction of a Facility within its Reliability Coordinator Area. Balancing Authority Area or 

Transmission Operator Area that resuits in action(s) to avoid a Bulk Electric System Emergency. 

14. [ ] Damage or destruction of its Facility that results from actual or suspected intentional human action. 

15. [ j Physical threat to its Facility excluding weather or natural disaster related threats, which has the potential to 

degrade the normal operation of the Facility. Or suspicious device or activity at its Facility- 

16. [ ] Physical threat to its Bulk Electric System control center, excluding weather or natural disaster related threats, which 

has the potential to degrade the normal operation of the control center. Or suspicious device or activity at its Bulk 
Electric System control center. 


If any box 13-24 on die right is 17. [ ] Bulk Electric System Emergency resulting in voltage deviation on a Facility; A voltage deviation equal to or 

checked AND none of the greater than 10% of nominal voltage sustained for greater than or equal to 15 continuous minutes, 

boxes 1-12 are checked, this 

form must be filed by the later 18. [ ] Uncontrolled loss of 200 Megawatts or more of firm system loads for 15 minutes or more from a single incident for 

of 24 hours after the entities with previous year's peak demand less than or equal to 3,000 Megawatts 

recognition of the incident OR 

by the end of the next business 19. [ 3 Total generation loss, within one minute of: greater than or equal to 2,000 Megawatts in the Eastern or Western 

day. Note 4:00pm local time Interconnection or greater than or equal to 1,400 Megawatts in the ERCOT Interconnection, 

will be considered the end of 

the business day. Check 20. [ J Complete loss of off-site power (LOOP) affecting a nuclear generating station per the Nuclear Plant Interface 
System Report (for the Alert Requirements. 

Status) on Line A below. 

21. [ ] Unexpected Transmission loss within its area, contrary to design, of three or more Bulk Electric System 

Facilities caused by a common disturbance (excluding successful automatic reclosing). 

22. [ ] Unplanned evacuation from its Bulk Electric System control center facility for 30 continuous minutes or more. 

23. [ ] Complete loss of Interpersonal Communication and Alternative Interpersonal Communication capability affecting 

its staffed Bulk Electric System control center for 30 continuous minutes or more. 

24. [ ] Complete loss of monitoring or control capability at its staffed Bulk Electric System control center for 30 

continuous minutes or more. 


If significant changes have occurred after filing die initial report, re-file the form with the changes and check Update (for the Alert Status) on Line A below. 
The form mast be re-filed within 72 lmurs of the incident with the latest information and Final (Alert Status) checked on Line A below, unless updated 



Alert Status (check one) 


B. Organization Name 



Normal Report 

System Report 

Update 

[ 1 

[ 1 

iXi 

6 Hours 

1 Business Day 

As required 


Final 
( ] 
72 Hours 



2180 South 1300 East Suite 600 Satt Lake City Utah 84106 


C. Address of Principal Business Office 

















[ 
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SCHEDULE 1 - ALERT NOTICE 



Geographic Area(s) Affected 
(County, State) 


Date/Time Incident Began 
(mindd-yv/bh :aun) using 24-hour dock 


Date/Time Incident Ended 
(mm-dd-vv/ hknnn) using 24-hour clock 


Estimate of Amount of Demand Involved 
(Peak Megawatts) 


Estimate of Number of Customers Affected 


3 of 4) 




California: Kern County, Los Angeles County; Utah: Salt Lake County; Wyoming: Converse County; 


03 - ns - 9019 / m : 1 ? 

mo dd w fail nnn 


03 - 05 - 2019 / IS- : 57 

mo dd VY hh mm 


Yes [ ] 


[ ] Eastern [ ] Central [Xl Mountain 

I 1 Pacific f 1 Alaska f 1 Hawaii 


[ ] Eastern ( ] Central [Xl Mountain 



Not J 

Unknown [X] 

ZeiotXJ 

Unknown[ ] 

ZerotX] 

Unknown [ ] 


J. Cause 


SCHEDULE 1 - TYPE OF EMERGENCY 

Check all that apply 


K_ Impact 


L. Actiou Taken 


□ Unknown 

□ Physical attack 

□ Threat of physical attack 

□ Vandalism 

□ Theft 

□ Suspicious activity 

□ Cyber event (information technology) 

89 Cyber event (operational technology) 

□ Fuel supply emergencies, interruption, or 

deficiency 

□ Generator loss or failure not due to fuel supply 
interruption or deficiency or transmission 
failure 

□ Transmission equipment failure (not including 
substation or switchyard) 

□ Failure at high voltage substation or switchyard 

□ Weather or natural disaster 

□ Operator action(s) 

□ Other 

El Additional Monnation/Comments: 
listlal assessment revealed that a firewall exploit was liKety utilized to 
execute a denial ol service attack that caused (he firewaBs to reboot 
fencing to an approximately 5 minute communications outage 


□ None 

□ Control center loss, feilure, or evacuation 

□ Loss or degradation of control center monitoring 
or communication systems 

□ Damage or destruction of a facility 

□ Electrical system separation (islanding) 

□ Complete operational failure or shutdown of the 
transmission and/or distribution system 

□ Major transmission system interruption (three or 
more BES elements) 

□ Major distribution system interruption 

□ Uncontrolled loss of 200 MW or more of firm 
system loads for 15 minutes or more 

□ Loss of electric service to more than 50,000 
customers for 1 hour or more 

□ System-wide voltage reductions or 3 percent or 
more 

□ Voltage deviation on an individual fecihty of 
>10% for 15 minutes or more 

□ Inadequate electric resources to serve load 

□ Generating c<q>acity loss of 1,400 MW or more 

□ Generating capacity loss of 2,000 MW or more 

□ Complete loss of off-site power to a nuclear 
generating station 

59 Other 

23 Additional Infonnacion/Commenfs: 

Firewall reboots resulted In brief communscatiora outages 

(approximately 5 minutes) between field devices at sites sod between 

the 3iles and sPoweCs Control Center 


□ None 

□ Shed Firm Load: Load shedding of 100 
MW or more implemented under 
emergency operational policy (manually 
or automatically via UFLS or remedial 
action scheme) 

□ Public appeal to reduce the use of 
electricity for the purpose of maintaining 
the continuity of the electric power 
system 

□ Implemented a warning, alert, or 
contingency plan 

□ Voltage reduction 

□ Shed Interruptible Load 

□ Repaired or restored 

□ Mitigation implemented 

BJ Other 

S3 Additional Information/Comments 

Alter learning of Ihe potential cause of the reboot, sPower 

started testing and deployment of an update to remove the 

exploited vulnerability 
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OMB No. 19014)288 

ELECTRIC EMERGENCY INCIDENT AND 

Approval Expires: 05/31/2021 

DISTURBANCE REPORT j 

[ Burden Per ResponsetT.8 hours 


SCHEDULE 2 - NARRATIVE DESCRIPTION 

(Page 4 of 4) 

Information an Schedule 2 will not be disclosed to the public to the extent that it satisfies the criteria for exemption under the Freedom of Information Act, e.g., 
exemptions for confidential commercial information and trade secrets, certain information that could endanger the physical safer}' of an individual, or 

information designated as Critical Energy Infrastructure Information. 


NAME OF OFFICLU, THAT SHOLTJ5 BE CONTACTED FOR FOLLOW-LT OR ANY ADDITIONAL INFORMATION 


Name I Lucas Root 


erafions 


one Number 


FAX Number 


E-mail Address 


Provides description of the incident and actions taken to resolve it. Include as appropriate, the cause of the incident/disturbance, change in frequency, 
mitigation actions taken, equipment damaged, critical infrastructures interrupted, effects on other systems, and preliminary results from any 
investigations. Be sure to identify: the estimate restoration date, the name of any lost high voltage substations or switchyards, whether there was any 
electrical system separation (and if there were, what the islanding boundaries were), and the name of the generators and voltage lines that were lost 
(shown by capacity type and voltage size grouping). If necessary; copy and attach additional sheets. Equivalent documents, containing this information can 
be supplied to meet the requirement; this includes the NERC EOP-004 Disturbance Report. Along with the Sing of Schedule 2, a-final (updated) Schedule 1 
needs to he filed. Check the Final box on line A for Alert Status on Schedule 1 and submit this and the completed Schedule 2 no later than 72 hours 
after detection that a criterion was met. 




R. . Narrative: 

aPower is a Generator Owner and Generator Operator of wind and solar generation assals that are operated from a Control Center in Sail Lake City, UT.(t)) (7)(E) 


These updates are ongoing. 


S. Estimated Restoration Date far all Affected Customers 
Who Can Receive Power 


T. Name of Assets Impacted 


mo dd yy 


Pioneer, Beacon 4. ABSR, DSR1, DSR2, Beacon 1, Elevation C, WABSRB. Bayshore A Bayshore B, Bayshore C, Sotverde, 
firewall at sPower headquarters 


Select if you approve of all of the information provided on the Form bang submitted to the North America Electric 
Reliability Corporation (NERC) and/or the Electricity Information Sharing and Analysis Center (E-ISAC) 



NERC is an entity that is certified by the Federal Energy Regulatory Commission to establish and enforce reliability 
standards for the bulk power system but that is not part of the Federal Government This information would be 
submitted to help fulfill the respondent’s requirements under NERC's reliability standards. 

If approval is given to alert NERC andfor E-ISAC the Form will be emailed to systeniawareness@nerc_iiet and'or 
operations@eisac.com when it is submitted to DOE. DOE is not responsible for ensuring the receipt of these emails 

by NERC and/or E-ISAC. 

K Notify NERC | B Notify E-ISAC 
































